diff options
| -rw-r--r-- | ChangeLog | 10 | ||||
| -rw-r--r-- | auth-passwd.c | 51 | ||||
| -rw-r--r-- | sshd.c | 11 |
3 files changed, 63 insertions, 9 deletions
| @@ -1,3 +1,11 @@ | |||
| 1 | 20050124 | ||
| 2 | - (dtucker) OpenBSD CVS Sync | ||
| 3 | - otto@cvs.openbsd.org 2005/01/21 08:32:02 | ||
| 4 | [auth-passwd.c sshd.c] | ||
| 5 | Warn in advance for password and account expiry; initialize loginmsg | ||
| 6 | buffer earlier and clear it after privsep fork. ok and help dtucker@ | ||
| 7 | markus@ | ||
| 8 | |||
| 1 | 20050120 | 9 | 20050120 |
| 2 | - (dtucker) OpenBSD CVS Sync | 10 | - (dtucker) OpenBSD CVS Sync |
| 3 | - markus@cvs.openbsd.org 2004/12/23 17:35:48 | 11 | - markus@cvs.openbsd.org 2004/12/23 17:35:48 |
| @@ -2015,4 +2023,4 @@ | |||
| 2015 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2023 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 2016 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2024 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 2017 | 2025 | ||
| 2018 | $Id: ChangeLog,v 1.3620 2005/01/20 11:20:50 dtucker Exp $ | 2026 | $Id: ChangeLog,v 1.3621 2005/01/24 10:55:49 dtucker Exp $ |
diff --git a/auth-passwd.c b/auth-passwd.c index 7a68e0562..2e5fbc73a 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
| @@ -36,17 +36,27 @@ | |||
| 36 | */ | 36 | */ |
| 37 | 37 | ||
| 38 | #include "includes.h" | 38 | #include "includes.h" |
| 39 | RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $"); | 39 | RCSID("$OpenBSD: auth-passwd.c,v 1.32 2005/01/21 08:32:02 otto Exp $"); |
| 40 | 40 | ||
| 41 | #include "packet.h" | 41 | #include "packet.h" |
| 42 | #include "buffer.h" | ||
| 42 | #include "log.h" | 43 | #include "log.h" |
| 43 | #include "servconf.h" | 44 | #include "servconf.h" |
| 44 | #include "auth.h" | 45 | #include "auth.h" |
| 45 | #include "auth-options.h" | 46 | #include "auth-options.h" |
| 46 | 47 | ||
| 48 | extern Buffer loginmsg; | ||
| 47 | extern ServerOptions options; | 49 | extern ServerOptions options; |
| 48 | int sys_auth_passwd(Authctxt *, const char *); | 50 | int sys_auth_passwd(Authctxt *, const char *); |
| 49 | 51 | ||
| 52 | #ifdef HAVE_LOGIN_CAP | ||
| 53 | extern login_cap_t *lc; | ||
| 54 | #endif | ||
| 55 | |||
| 56 | |||
| 57 | #define DAY (24L * 60 * 60) /* 1 day in seconds */ | ||
| 58 | #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ | ||
| 59 | |||
| 50 | void | 60 | void |
| 51 | disable_forwarding(void) | 61 | disable_forwarding(void) |
| 52 | { | 62 | { |
| @@ -111,11 +121,46 @@ auth_password(Authctxt *authctxt, const char *password) | |||
| 111 | } | 121 | } |
| 112 | 122 | ||
| 113 | #ifdef BSD_AUTH | 123 | #ifdef BSD_AUTH |
| 124 | static void | ||
| 125 | warn_expiry(Authctxt *authctxt, auth_session_t *as) | ||
| 126 | { | ||
| 127 | char buf[256]; | ||
| 128 | quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; | ||
| 129 | |||
| 130 | pwwarntime = acwarntime = TWO_WEEKS; | ||
| 131 | |||
| 132 | pwtimeleft = auth_check_change(as); | ||
| 133 | actimeleft = auth_check_expire(as); | ||
| 134 | #if HAVE_LOGIN_CAP | ||
| 135 | if (authctxt->valid) { | ||
| 136 | pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS, | ||
| 137 | TWO_WEEKS); | ||
| 138 | acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS, | ||
| 139 | TWO_WEEKS); | ||
| 140 | } | ||
| 141 | #endif | ||
| 142 | if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { | ||
| 143 | daysleft = pwtimeleft / DAY + 1; | ||
| 144 | snprintf(buf, sizeof(buf), | ||
| 145 | "Your password will expire in %lld day%s.\n", | ||
| 146 | daysleft, daysleft == 1 ? "" : "s"); | ||
| 147 | buffer_append(&loginmsg, buf, strlen(buf)); | ||
| 148 | } | ||
| 149 | if (actimeleft != 0 && actimeleft < acwarntime) { | ||
| 150 | daysleft = actimeleft / DAY + 1; | ||
| 151 | snprintf(buf, sizeof(buf), | ||
| 152 | "Your account will expire in %lld day%s.\n", | ||
| 153 | daysleft, daysleft == 1 ? "" : "s"); | ||
| 154 | buffer_append(&loginmsg, buf, strlen(buf)); | ||
| 155 | } | ||
| 156 | } | ||
| 157 | |||
| 114 | int | 158 | int |
| 115 | sys_auth_passwd(Authctxt *authctxt, const char *password) | 159 | sys_auth_passwd(Authctxt *authctxt, const char *password) |
| 116 | { | 160 | { |
| 117 | struct passwd *pw = authctxt->pw; | 161 | struct passwd *pw = authctxt->pw; |
| 118 | auth_session_t *as; | 162 | auth_session_t *as; |
| 163 | static int expire_checked = 0; | ||
| 119 | 164 | ||
| 120 | as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", | 165 | as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", |
| 121 | (char *)password); | 166 | (char *)password); |
| @@ -125,6 +170,10 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) | |||
| 125 | authctxt->force_pwchange = 1; | 170 | authctxt->force_pwchange = 1; |
| 126 | return (1); | 171 | return (1); |
| 127 | } else { | 172 | } else { |
| 173 | if (!expire_checked) { | ||
| 174 | expire_checked = 1; | ||
| 175 | warn_expiry(authctxt, as); | ||
| 176 | } | ||
| 128 | return (auth_close(as)); | 177 | return (auth_close(as)); |
| 129 | } | 178 | } |
| 130 | } | 179 | } |
| @@ -42,7 +42,7 @@ | |||
| 42 | */ | 42 | */ |
| 43 | 43 | ||
| 44 | #include "includes.h" | 44 | #include "includes.h" |
| 45 | RCSID("$OpenBSD: sshd.c,v 1.306 2005/01/17 22:48:39 dtucker Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.307 2005/01/21 08:32:02 otto Exp $"); |
| 46 | 46 | ||
| 47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
| 48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
| @@ -1664,9 +1664,6 @@ main(int ac, char **av) | |||
| 1664 | 1664 | ||
| 1665 | packet_set_nonblocking(); | 1665 | packet_set_nonblocking(); |
| 1666 | 1666 | ||
| 1667 | /* prepare buffers to collect authentication messages */ | ||
| 1668 | buffer_init(&loginmsg); | ||
| 1669 | |||
| 1670 | /* allocate authentication context */ | 1667 | /* allocate authentication context */ |
| 1671 | authctxt = xmalloc(sizeof(*authctxt)); | 1668 | authctxt = xmalloc(sizeof(*authctxt)); |
| 1672 | memset(authctxt, 0, sizeof(*authctxt)); | 1669 | memset(authctxt, 0, sizeof(*authctxt)); |
| @@ -1674,13 +1671,13 @@ main(int ac, char **av) | |||
| 1674 | /* XXX global for cleanup, access from other modules */ | 1671 | /* XXX global for cleanup, access from other modules */ |
| 1675 | the_authctxt = authctxt; | 1672 | the_authctxt = authctxt; |
| 1676 | 1673 | ||
| 1674 | /* prepare buffer to collect messages to display to user after login */ | ||
| 1675 | buffer_init(&loginmsg); | ||
| 1676 | |||
| 1677 | if (use_privsep) | 1677 | if (use_privsep) |
| 1678 | if (privsep_preauth(authctxt) == 1) | 1678 | if (privsep_preauth(authctxt) == 1) |
| 1679 | goto authenticated; | 1679 | goto authenticated; |
| 1680 | 1680 | ||
| 1681 | /* prepare buffer to collect messages to display to user after login */ | ||
| 1682 | buffer_init(&loginmsg); | ||
| 1683 | |||
| 1684 | /* perform the key exchange */ | 1681 | /* perform the key exchange */ |
| 1685 | /* authenticate user and start session */ | 1682 | /* authenticate user and start session */ |
| 1686 | if (compat20) { | 1683 | if (compat20) { |